In particular, the primary thrust of our complaint focuses on how Google tracks and builds behavioral profiles on students when they navigate to Google-operated sites outside of Google Apps for Education. We’ve tried to explain this issue in both our complaint and our FAQ, but given its significance we think it’s worth explaining again.

Google has promised not to build profiles on students or serve them ads only within Google Apps for Education services. When a student goes to a different Google service, however, and they’re still logged in under their educational account, Google associates their activity on that service with their educational account, and then serves them ads on at least some of those non-GAFE services based on that activity.

In other words, when a student logs into their educational account, and then uses Google News to create a report on current events, or researches history using Google Books, or has a geography lesson using Google Maps, or watches a science video on YouTube, Google tracks that activity and feeds it into an ad profile attached to the student’s educational account—even though Google knows that the person using that account is a student, and the account was created for educational purposes.

This is our biggest complaint about Google’s practices—that despite having promised not to track students, Google is abusing its position of power as a provider of some educational services to profit off of students’ data when they use other Google services—services that Google has arbitrarily decided don’t deserve any protection.

Of course, that’s not to say that Google’s use of Chrome Sync data for non-educational purposes isn’t a problem. While we agree that Chrome Sync is an incredibly useful service, we don’t think students should be guinea pigs in Google’s efforts to improve its products without explicit parental opt-in—even if their data is anonymized and aggregated. The Student Privacy Pledge website clearly says that service providers will “use data for authorized education purposes only”—and anonymized or not, using Chrome Sync data for anything other than the Chrome Sync service itself does not constitute an educational purpose.

While our FTC complaint is focused on Google, rest assured that we’re not limiting our campaign to one company. In the coming weeks and months we intend to continue investigating the practices of other cloud-based education services. And if you’re a parent or teacher with first-hand knowledge of other cloud-based education services, you can help us out by filling out our survey so we can gather more information to decide where to focus next!

Related Updates

A greater portion of the world’s work, organizing, and care-giving is moving onto digital platforms and tools that facilitate connection and productivity: video conferencing, messaging apps, healthcare and educational platforms, and more. It’s important to be aware of the ways these tools may impact your digital privacy and security during...

The Senate Judiciary Committee recently held a hearing on “Protecting Digital Innocence.” The hearing covered a range of problems facing young people on the Internet today, with a focus on harmful content and privacy-invasive data practices by tech companies. While children do face problems online, some committee members seemed...

Grassroots digital rights organizing has many faces, including that of hands-on hardware hacking in an Ivy League institution. Yale Privacy Lab is a member of the Electronic Frontier Alliance, a network of community and student groups advocating for digital rights in local...

Last month, the Federal Trade Commission and the U.S. Department of Education held a workshop in Washington, DC. The topic was “Student Privacy and Ed Tech.” We at EFF have been trying to get the FTC to focus on the privacy risks of educational technology (or “ed tech”) for...

Three years ago, EFF exposed how hundreds of law enforcement agencies were putting families at risk by distributing free ComputerCOP “Internet safety” software that actually transmitted keystrokes unencrypted to a third-party server. Our report also raised serious questions about whether the company was deceiving government agencies by circulating a...

The new school year starts next week for most schools across the country. As part of the first line of defense in protecting student privacy, teachers need to be ready to spot the implications of new technology and advocate for their students' privacy rights.
Our student privacy...

Students: As you get ready to go back to school, add "review your student privacy rights" to your back-to-school to-do list, right next to ordering books and buying supplies. Exciting new technology in the classroom can also mean privacy violations, including the chance that your personal devices and online...

The beginning of the school year is right around the corner. Over the summer, your school may have acquired new devices, software, and educational technology (or ed tech) to use in classrooms. Or, your school may have expanded existing technology programs, or may be thinking about adopting new forms of...

EFF Survey Reveals Gaps in Protecting the Privacy of K-12 Students Using School-Issued Devices and Cloud Apps “They are collecting and storing data to be used against my child in the future, creating a profile before he can intellectually understand the consequences of his searches and digital behavior."
This...